1. Download our Official Android App: Forums for Android!

Chip ATM/Credit Cards...

Discussion in 'Off Topic' started by Dngrsone, Jun 26, 2016.

  1. Dngrsone

    Dngrsone Android Expert
    Thread Starter
    Rank:
     #37
    Points:
    653
    Posts:
    4,191
    Joined:
    Jan 24, 2013

    Jan 24, 2013
    4,191
    3,990
    653
    Male
    Avionics Technician
    Centrally located far from everywhere, CA
    My current bank is about to replace my debit card with a chipped one. Dngrswife reads this notice from the bank announcing such and asked me, "what are these things and why are they better than the current cards?"

    Sensible question. So I give her the pat answer of the chip is more secure and the bad guys can't skim your information with a nearly invisible scanner slapped to the front of the ATM anymore.

    But then later, it occurred to me: the new cards still have stripes, and they have to be backward-compatible with current point-of-sale fixtures.

    So... the bad guys can still skim the card... they are just going to be restricted to store that don't use chips! Or am I missing something here?
     

    Advertisement

    mikedt likes this.
  2. lunatic59

    lunatic59 Moderati ergo sum
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    36,803
    Joined:
    Jun 12, 2010

    Jun 12, 2010
    36,803
    35,078
    4,238
    Male
    IT
    Pennsylvania
    Here's how I think it works ... with the chip, you have to have the card physically in the machine during the entire transaction, plus pin so it's more secure. Not much chance of a clerk walking away with your card for a second and swiping it out of sight. Eventually the stripe will go away, but in the meantime as long as you have a chipped card the liability falls to the merchant.

    So if you don't get the chipped card, you assume responsibility for any charges made. If you have a chipped card, but the merchant hasn't updated their system to take chipped cards, they assume the liability. If you have a chipped card and the merchant uses the chip, then the bank protects both.
     
    mikedt likes this.
  3. Clementine_3

    Clementine_3 Android Expert
    VIP Member
    Rank:
     #28
    Points:
    1,043
    Posts:
    5,590
    Joined:
    Nov 16, 2009

    Nope, I don't think you are missing anything. Or I am too.

    I hate the chip, it's slower than molasses for some reason and you have to just leave it sitting in the terminal. The beep to remove is very faint and I know I'm going to walk out with it still stuck there. I usually bag my own stuff so am not just standing there watching it, bad of me I know but that's what happens.

    I SO much prefer to use Android Pay, it's faster all around and I can put my phone back in my pocket right away. Safer too.
     
    mikedt likes this.
  4. The_Chief

    The_Chief Accept no imitations!
    Moderator
    Rank:
     #9
    Points:
    2,043
    Posts:
    13,797
    Joined:
    Nov 17, 2009

    Nov 17, 2009
    13,797
    13,847
    2,043
    Male
    I'm retired: every day's a Monday :P
    Manchester, TN
    There is a transition going on. Eventually, we'll be on the Euro-style chip-and-pin system where you need both the physical card AND a PIN to purchase things. Without the PIN, people can steal your card data or even the card itself... and it's worthless to them. There will be growing pains as we make the transition, but we'll get there :)
     
    mikedt and lunatic59 like this.
  5. Clementine_3

    Clementine_3 Android Expert
    VIP Member
    Rank:
     #28
    Points:
    1,043
    Posts:
    5,590
    Joined:
    Nov 16, 2009

  6. lunatic59

    lunatic59 Moderati ergo sum
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    36,803
    Joined:
    Jun 12, 2010

    Jun 12, 2010
    36,803
    35,078
    4,238
    Male
    IT
    Pennsylvania
    I much prefer the chip and pin. The card never leaves your field of vision.
     
    mikedt and psionandy like this.
  7. Clementine_3

    Clementine_3 Android Expert
    VIP Member
    Rank:
     #28
    Points:
    1,043
    Posts:
    5,590
    Joined:
    Nov 16, 2009

    Unless you're like I am. :p
     
  8. Dngrsone

    Dngrsone Android Expert
    Thread Starter
    Rank:
     #37
    Points:
    653
    Posts:
    4,191
    Joined:
    Jan 24, 2013

    Jan 24, 2013
    4,191
    3,990
    653
    Male
    Avionics Technician
    Centrally located far from everywhere, CA
    From I've been reading, the US isn't planning on Chip-and-PIN unless and until another Target-level breach or three occur. For now, it's mostly unencrypted Chip-and-Signature, which is asinine: I've used my actual signature exactly one time in the past six months when one cashier actually asked to see my ID and was ready to compare my signature to the ID.

    I couldn't tip her, but I did thank her for her diligence.
     
    Gmash, mikedt and Clementine_3 like this.
  9. lunatic59

    lunatic59 Moderati ergo sum
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    36,803
    Joined:
    Jun 12, 2010

    Jun 12, 2010
    36,803
    35,078
    4,238
    Male
    IT
    Pennsylvania
    If Google Pay (or any reliable NFC pay system) were ubiquitous, sure, i'd prefer that, but for general transactions, chip and pin, no matter how inconvenient, is better than free-range credit cards. :p :p
     
    mikedt, Clementine_3 and Dngrsone like this.
  10. The_Chief

    The_Chief Accept no imitations!
    Moderator
    Rank:
     #9
    Points:
    2,043
    Posts:
    13,797
    Joined:
    Nov 17, 2009

    Nov 17, 2009
    13,797
    13,847
    2,043
    Male
    I'm retired: every day's a Monday :P
    Manchester, TN
    If it comes to chip-and-pin, it comes to it. If it stays chip-and-signature, which I hope it DOESN'T because it's not nearly as secure, then it is what it is. There WILL be more breaches, bank on it.
     
    mikedt likes this.
  11. Fox Mulder

    VIP Member
    Rank:
     #69
    Points:
    393
    Posts:
    1,749
    Joined:
    Feb 19, 2012

    Feb 19, 2012
    1,749
    1,297
    393
    NYC
    Still chip-and-sign, and that's at places that actually use the chip. A large number of merchants still haven't enabled the chip even on terminals that can accept it. I'll put my card in the slot and nothing happens, and the cashier will tell me it's not working so I have to swipe.
    I think there are some issues with how the card co's are rolling this out to the merchants, and there also may be liability issues as the merchants will now be liable for fraudulent purchases instead of the issuing bank.
    Getting cash at the ATM is also a lot slower now, you have to put the card in, wait for it to be read before you can enter your PIN, then remove the card before the cash is dispensed. And not all ATM's have it working yet either, at some you still swipe the card the old-fashioned way.
     
    mikedt and The_Chief like this.
  12. basic 101 user

    basic 101 user Android Enthusiast
    Rank:
    None
    Points:
    203
    Posts:
    508
    Joined:
    Jun 22, 2016

    Jun 22, 2016
    508
    773
    203
    Male
    A few random thoughts, some more, and some less related to the topic at hand.

    1) Knowing relatively little about computers, and much more about mechanical systems, I would offer the following (only speculation): The data encoded in the magnetic stripe is read by passing the card through a reader, over its full length, from one end to the other. When using the chip interface, the card is plunged part way into a socket / receiver. The data on the stripe can therefore continue to exist on your card, and be useful for "old school" readers, but can't be skimmed by an unauthorized scanner slapped onto an ATM chip reader socket. As you and others suggest, it seems like the old vulnerability does indeed still exist, there are backward compatibility issues and transitional period to deal with. Until the magnetic stripes and their readers are a thing of the past, the better option would seem to be the chip, and probably for other reasons I haven't even conceived of.

    2) Like others, I'm all but certain the day will come when I leave my card in the reader, a frightening thought. I would love some reassurance and enlightenment from others.......Does it now come down to mere physical possession of the card, or are there other security measures I'm not aware of? In a chip and PIN system, does the PIN you enter already exist on the card, in an encrypted form, and the point of sale terminal compares what you enter, with the data in the chip? Or does the POS terminal "fetch" that information from a remote server, and make the comparison to the value entered at the keypad to verify? If the former, it seems like again, simple possession of the card (and a little hacking) would be all that is necessary for fraud. If the latter is true, and there is more two way communication going on at the POS than I know, does it open up other possibilities? Ability to "kill" or deactivate a card from a remote location? Either at the customer's request, or worse, without his/her consent? Ability to "flash" new data to the chip, if you are concerned you may have been compromised?

    3) I find it interesting some of the other security features which either persist, or never really took hold. As already pointed out, comparison of actual signatures seems like a quaint relic, and hardly ever happens any more, but they still give us that field on the back. The three digit "security code" on the back should be carefully guarded, I was taught; We give it freely and frequently, now. Around 1988 I got my first card with my picture on it; At the time, it seemed fairly advanced, I didn't know anyone else with that. Now, 25+ years later (gasp...) it too seems quaint and primitive as a security measure, but over the years, I regularly and still run into cashiers who have never seen such a card, find it remarkable.

    I only get truly cranky when one of those cashiers looks back and forth at the card and me, a half dozen times, and asks........"Damn, when was this picture taken?"o_O
     
    mikedt and Dngrsone like this.
  13. AZgl1500

    AZgl1500 Android Expert
    Rank:
     #43
    Points:
    618
    Posts:
    6,400
    Joined:
    Feb 3, 2011

    Feb 3, 2011
    6,400
    3,144
    618
    Male
    Retired and loving it.
    Oklahoma grasslands
    What is scary around here in Oklahoma, is merchants are fast going the route of "if it is less than $50, don't ask for a pin or signature, just approve the sale".

    Wal-mart is where I first noticed this, they no longer ask for a pin code on my debit card.
    McDonald's is doing that everywhere. I just traveled 3500 miles to the east coast and back, and all of the McD's just let you swipe and eat... no pin code required.

    The very first Fast Food that started doing that, was Sonic.... back 10 years ago, they would ask for your zipcode. well, me being ornery, I just plugged in 44444 and it took it anyway. so, I tried all of the digits, and it don't care, just enter 5 digits, they are not looked at.


    Here in my little burg, all of the merchants are now doing the same thing, if it is less than $25 at the convenience stores, "that's okay, it is approved"....
     
    mikedt likes this.
  14. mikedt

    mikedt 你好
    Rank:
     #6
    Points:
    2,238
    Posts:
    24,658
    Joined:
    Sep 22, 2010

    Sep 22, 2010
    24,658
    13,650
    2,238
    Teachaaa
    Jinan, China
    About PINs, I'm pretty sure the PIN is not encoded on the card, it's held by the bank. Another thing I know the UK only has 4 digit PINs with credit cards, China they must be 6 digit. Also unlike the UK there's NO outside, on-street,, hole-in-the-wall ATMs at all. They're always inside the banks(and usually in enclosed booths) or in supermarkets, etc.

    I often use Tenpay via Wechat now. Which doesn't require NFC, you scan a QR code instead. Many devices still don't have NFC in them, especially China phones. There's Alipay as well, which works the same way. Both of these have really become quite ubiquitous in China. AFAICT they're quite secure, you enter your PIN on the phone, and can see the merchant you're paying. Online payments are handled in the same way, scan a QR code on the vendor's website, enter PIN on phone, transaction is authorized.


    Only 5-6 years ago, it was sometimes quite difficult to find a place that accepted credit cards, they were often cash only, and personal cheques were unheard of.
     
    #14 mikedt, Jun 26, 2016
    Last edited: Jun 27, 2016
  15. JimSmith94

    JimSmith94 Android Enthusiast
    Rank:
    None
    Points:
    63
    Posts:
    322
    Joined:
    May 5, 2010

    May 5, 2010
    322
    67
    63
    Irving, TX USA
    The other day I forgot to insert my chip card and swiped it instead. A message popped up on the screen telling me to insert it into the chip reader.
     
    AZgl1500 likes this.
  16. mikedt

    mikedt 你好
    Rank:
     #6
    Points:
    2,238
    Posts:
    24,658
    Joined:
    Sep 22, 2010

    Sep 22, 2010
    24,658
    13,650
    2,238
    Teachaaa
    Jinan, China
    The terminal we had, if we just swiped a chipped credit card, a message would pop-up stating that it had to read the chip, and the card had to be in the terminal throughout the whole transaction.

    I do notice on ATMs, it always takes quite a long time to read the chip before it will do anything.
     
  17. mrex

    mrex Android Enthusiast
    Rank:
    None
    Points:
    143
    Posts:
    518
    Joined:
    Dec 6, 2012

    Dec 6, 2012
    518
    354
    143
    Male
    M.Sc.
    Europe
    we have a nfc card payment but you can pay only purchases under 25euros without the pin. it cant be use to pay higher amounts - that is good for sure. you can add that feature to your bank card or you can get your nfc chip in your phone (android) to work and pay with it.

    unfortunately i have iphone nowadays :(
     
  18. AZgl1500

    AZgl1500 Android Expert
    Rank:
     #43
    Points:
    618
    Posts:
    6,400
    Joined:
    Feb 3, 2011

    Feb 3, 2011
    6,400
    3,144
    618
    Male
    Retired and loving it.
    Oklahoma grasslands
    yeah, have run into that in several places. Home Depot was the first retail place I had that happen, there were the first in my area to start using those chip readers.
     
  19. dontpanicbobby

    dontpanicbobby Android Expert
    Rank:
     #14
    Points:
    1,563
    Posts:
    11,569
    Joined:
    Dec 31, 2011

    Dec 31, 2011
    11,569
    7,009
    1,563
    Male
    Boston MA USA
    I hate that. Happens to me all the time. You'd think you could use it either way.
     
  20. kokiangel

    kokiangel Android Expert
    Rank:
     #92
    Points:
    253
    Posts:
    1,296
    Joined:
    Nov 12, 2009

    Nov 12, 2009
    1,296
    689
    253
    Female
    Banker
    Helena, Alabama


    I've long noticed this trend at my local stores in Alabama. Not just Walmart, all of them. I will be glad to get a chip card and add the security to my account. Until then I insist on using my debit card as a credit card and signing for my purchases every time so they have an actual authorized signature. If I ever see a charge on my account that I am sure I didn't make they can then pull the charge ticket and see the signature.
     
    #20 kokiangel, Jun 27, 2016
    Last edited: Jun 27, 2016
    Clementine_3 likes this.
  21. Clementine_3

    Clementine_3 Android Expert
    VIP Member
    Rank:
     #28
    Points:
    1,043
    Posts:
    5,590
    Joined:
    Nov 16, 2009

    I rarely use my debit card, I use a CC (no PIN) for everything but haven't signed for anything under $25 in a looong time. Some places (grocery store) now have upped the limit to $50. That seems to be going in the wrong direction!

    There are just too many different ways to pay with too many varying rules and too many ways for things to go way wrong. Ugh. Dear banks and retailers, fix it.
     
  22. lunatic59

    lunatic59 Moderati ergo sum
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    36,803
    Joined:
    Jun 12, 2010

    Jun 12, 2010
    36,803
    35,078
    4,238
    Male
    IT
    Pennsylvania
    The problem right now is that too many people have mixed credit cards, debit cards etc. and they can't simply turn off a certain form of payment on a given day. I have a few cards and two of them automatically sent me a new chipped card, but one didn't. I had to call and request it.

    So merchants have to cater to the varying payment types until the majority of people have been reissued chipped cards. As far as signatures go, if the bank says they aren't concerned about charges below $25 or $50 and they won't hold the merchant liable, then there's no incentive for the merchant to capture a signature ... so they don't.
     
    Clementine_3 likes this.
  23. Clementine_3

    Clementine_3 Android Expert
    VIP Member
    Rank:
     #28
    Points:
    1,043
    Posts:
    5,590
    Joined:
    Nov 16, 2009

    I still don't have a chip card for my ATM/debit bank card. I asked them about it and they said they had no plans to issue them yet.

    Right, it is all back on the card issuer, I'm not worried about it but find it...confusing, or something.
     
  24. lunatic59

    lunatic59 Moderati ergo sum
    Moderator
    Rank:
     #2
    Points:
    4,238
    Posts:
    36,803
    Joined:
    Jun 12, 2010

    Jun 12, 2010
    36,803
    35,078
    4,238
    Male
    IT
    Pennsylvania
    The problem is without the chip, the consumer can be liable for fraudulent purchases.

    If you're bank isn't issuing them, then they are least compliant and they accept liability as before, however if they ARE issuing chipped cards and you don't have one .... and your debit card number is used for a fraudulent transaction, then you could be liable for the loss.
     
  25. AZgl1500

    AZgl1500 Android Expert
    Rank:
     #43
    Points:
    618
    Posts:
    6,400
    Joined:
    Feb 3, 2011

    Feb 3, 2011
    6,400
    3,144
    618
    Male
    Retired and loving it.
    Oklahoma grasslands
    I have set my Credit Union up to give me an instant SMS alert, and an email for each and every transaction on my Debit card.

    I do not have a credit card, other than American Express which I only use for hotels and such.
    and that one was hacked by some hotel clerk, who sold it to someone else evidently.
    right after I stayed in a hotel on the east coast, little charges started showing up on that account as "Card Not Present Transaction"...

    that was not my pattern, and American Express called me on the phone and asked me about them.
    the card did not have any alerts on it, but I plan to change that. Anyhow, when I explained that I only use the Amex card for lodging, all of the other stuff was in weird places I have never been.

    Amex canceled the card, issued me a new one, and credited me back all of those charges.
     

Share This Page

Loading...